
CVE-2025-63227: n/a

Severity: High
Tags: Vulnerability, CVE-2025-63227, cve, cve-2025-63227
Published: Tue Nov 18 2025 (11/18/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

The Mozart FM Transmitter web management interface, version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise.

AI-Powered Analysis

Last updated: 11/25/2025, 21:05:04 UTC

Technical Analysis

CVE-2025-63227 affects the Mozart FM Transmitter web management interface, specifically version WEBMOZZI-00287. The vulnerability is an unrestricted file upload flaw located in the /patch.php endpoint. This flaw allows an attacker who has administrative credentials to upload arbitrary files, including malicious PHP webshells, to the /patch/ directory on the server. Once uploaded, these files can be executed remotely, enabling the attacker to run arbitrary commands on the underlying system. This can lead to full system compromise, including unauthorized access to sensitive data, modification or destruction of system files, and disruption of service. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and has a CVSS 3.1 base score of 7.2, indicating high severity. The attack vector is network-based, with low attack complexity, but requires high privileges (administrative access) and no user interaction. The scope is unchanged, meaning the impact is limited to the vulnerable component but can affect the entire system's confidentiality, integrity, and availability. No patches or exploit code are currently publicly available, but the risk remains significant due to the potential for remote code execution. Organizations using this product should be vigilant and apply mitigations promptly once patches are released.

Potential Impact

For European organizations, this vulnerability poses a significant risk to the security of broadcast infrastructure and related systems that use the Mozart FM Transmitter. Successful exploitation could lead to unauthorized control over the transmitter system, potentially disrupting broadcast services or enabling further lateral movement within the network. Confidential data managed by the system could be exposed or altered, and attackers could use the compromised system as a foothold for broader attacks. The requirement for administrative credentials limits the attack surface but does not eliminate risk, especially if credential theft or insider threats are present. Disruption of broadcast services could have regulatory and reputational consequences, particularly in countries with strict media and communication regulations. Additionally, critical infrastructure operators in Europe may face operational impacts and compliance challenges if such vulnerabilities are exploited.

Mitigation Recommendations

1. Immediately restrict access to the web management interface to trusted administrative users and networks using strong authentication and network segmentation.
2. Implement strict file upload validation on the /patch.php endpoint, allowing only expected file types and scanning uploads for malicious content.
3. Employ application-layer firewalls or web application firewalls (WAFs) to detect and block suspicious file upload attempts.
4. Monitor logs for unusual upload activity or execution of unexpected files in the /patch/ directory.
5. Isolate the transmitter management system from critical internal networks to limit potential lateral movement.
6. Enforce strong credential management policies, including multi-factor authentication for administrative access.
7. Regularly audit and update administrative credentials and permissions to minimize risk.
8. Stay alert for vendor patches or updates addressing this vulnerability and apply them promptly once available.
9. Conduct penetration testing focused on file upload functionalities to identify similar weaknesses.
10. Educate administrators about the risks of file upload vulnerabilities and safe operational practices.
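For recommendation 4, one way to triage web access logs for activity around /patch.php and /patch/ is sketched below. This is an added example, not vendor or advisory code. It assumes the interface (or a proxy in front of it) writes Common/Combined Log Format; the extension list, rule names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: Common/Combined Log Format; the device's real log format may differ.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions commonly handed to the PHP interpreter (assumed list; tune to the server).
# The trailing group also catches double extensions (x.php.jpg) and path info (x.php/a).
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar|pht)(\.|/|$)', re.IGNORECASE)

def classify(line):
    """Return (rule, client_ip, path) for a line worth reviewing, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode and normalise the path so %2e-style encoding or '//' does not hide it.
    path = re.sub(r'/+', '/', unquote(urlsplit(m["target"]).path))
    if m["method"] == "POST" and path == "/patch.php":
        # Uploads can be legitimate patching: review source address and timing.
        return ("upload-to-patch-endpoint", m["ip"], path)
    if path.startswith("/patch/") and SCRIPT_EXT.search(path):
        served = m["status"].startswith("2")
        rule = "script-served-from-patch-dir" if served else "script-probe-in-patch-dir"
        return (rule, m["ip"], path)
    return None

def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation address ranges), not real telemetry.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Nov/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [18/Nov/2025:10:02:17 +0000] "POST /patch.php HTTP/1.1" 200 312',
    '192.0.2.10 - - [18/Nov/2025:10:02:40 +0000] "GET /patch/fw_update.bin HTTP/1.1" 200 1048576',
    '198.51.100.7 - - [18/Nov/2025:10:05:03 +0000] "GET /patch/status.php?x=1 HTTP/1.1" 200 87',
    '198.51.100.7 - - [18/Nov/2025:10:05:09 +0000] "GET /patch//Info.PHP5 HTTP/1.1" 404 162',
]

if __name__ == "__main__":
    for rule, ip, path in scan(SAMPLE_LOG):
        print(f"{rule:32} {ip:15} {path}")
```

A 2xx response for a script under /patch/ is the highest-priority hit, since it means an interpreter-handled file exists in the upload directory and was served.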


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-10-27T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 691ccaa45990fe54bdf5a3a5

Added to database: 11/18/2025, 7:36:04 PM

Last enriched: 11/25/2025, 9:05:04 PM

Last updated: 1/7/2026, 4:17:13 AM
